Lab Automous AP

TRUNG TM TIN HC VNPRO
149/1D Ung Vn Khim, Phng 25, Qun Bnh Thnh, Tp.HCM

Tel: 08 35124257
Fax: 08 35124314
Website: www.vnpro.vn
Forum: http://www.vnpro.org
Livechat: www.vnpro,vn/support
Email: vnpro@vnpro.org
CU HNH AUTONOMOUS AP
S :
Hnh 1.
M t:
Mt Access point ca mt cng ty cn phi thc hin ph sng wireless cho phng
khch ca cng ty y. Yu cu t ra l AP ny cn phi pht ra 02 SSID, mt cho khch
n thm v mt cho nhn vin ca cng ty. Khch n thm c th truy nhp wireless
vo mt VLAN dnh ring cho khch m khng cn phi xc thc thng qua SSID
Guest. Ngc li, nu mun truy nhp vo VLAN cho nhn vin cn phi truy nhp
thng qua SSID Staff v phi chu xc thc bng password secret_key mi c th
vo c VLAN dnh ring cho nhn vin ca cng ty.
Yu cu:
1. Cu hnh VLAN trn SW3560:
VLAN 1: gn subnet l 192.168.1.0/24.
VLAN 10: Guest; gn subnet l 192.168.10.0/24.
VLAN 20: Staff; gn subnet l 192.168.20.0/24.
2. Cu hnh Trunking Dot1Q gia SW v AP.
3. Cu hnh DHCP Server trn SW cp IP cho c hai VLAN ny.
4. Cu hnh cc thng s c bn cho AP. Dng PC kt ni vo cng f0/24 ca SW
truy nhp AP bng giao din web cu hnh cc SSID tng ng vi cc VLAN
10 v 20 theo nh yu cu nu ra trong phn m t trn.
1
Point
Lab Autonomous Access -

Tel: 08 35124257
Fax: 08 35124314
Thc hin:
Bc 1: Cu hnh cc VLAN trn SW3560, VLAN 10 dnh cho khch v VLAN 20
dnh cho nhn vin.
Switch(config)#vlan 10
Switch(config-vlan)#name Guest
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name Staff
Switch(config-vlan)#exit
Kim tra cu hnh VLAN trn Switch:

Switch#show vlan brief
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------------1
default
active
Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1
Gi0/2
10
Guest
active
20
Staff
active
1002 fddi-default
act/unsup
1003 trcrf-default
act/unsup
1004 fddinet-default
act/unsup
1005 trbrf-default
act/unsup
Bc 2: Cu hnh trunking trn cng u ni vi AP.

Switch(config)#interface f0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Bc 2: t a chi IP cho cc interface vlan tng ng vi cc VLAN.

Switch(config)#interface vlan 10
Switch(config-if)#no shutdown
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config)#interface vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Bc 3: Cu hnh DHCP Server cp IP cho cc VLAN 10 v 20.

Switch(config)#ip dhcp pool Guest
Switch(dhcp-config)#network 192.168.10.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.10.1
Switch(dhcp-config)#dns-server 8.8.8.8
Switch(dhcp-config)#exit
Switch(config)#ip dhcp pool Staff
Switch(dhcp-config)#network 192.168.20.0 255.255.255.0
2
Point

Tel: 08 35124257
Fax: 08 35124314
Switch(dhcp-config)#default-router 192.168.20.1
Switch(dhcp-config)#dns-server 8.8.8.8
Switch(dhcp-config)#exit
Bc 4: Cu hnh cc thng s ban u cho Access Point Aironet 1130AG.

Mc nh, Access point Aironet 1130AG ca Cisco c cu hnh sn:
-
Mt enable secret password l Cisco.

Mt ti khon local c username l Cisco v password l Cisco.
Xc thc local c thc hin trn line vty v vi truy nhp bng giao din web.
Khng c a ch IP ban u trn AP.
Do :
-
Khi ng nhp vo AP bng cng Console, ta phi nhp password l Cisco vo

c mode Privilege.
truy nhp vo AP bng Telnet hoc bng giao din Web, ta phi t a ch IP
ban u cho AP.
Khi truy nhp vo AP bng Telnet hoc Web, ta phi nhp Username l Cisco,
password l Cisco.
Trong bi lab ny, ta s thc hin truy nhp Web vo AP bng a ch 192.168.1.1,
username v password s c i thnh cisco v vnpro. t c iu ny, ta thc
hin cu hnh c bn ban u cho Access Point:
- ng nhp vo AP qua cng Console. Nu cha cu hnh g c th enable password
mc nh l Cisco.
- t a ch IP cho AP trn cng BVI1 y chnh l a ch i din cho AP giao tip
vi bn ngoi:
ap(config)#interface BVI1
ap(config-if)#ip address 192.168.1.1 255.255.255.0
- To ti khon mi cho vic truy nhp Web: username cisco, password vnpro.
ap(config)#username cisco password vnpro
- Ta cng c th i li enable secret password thnh vnpro:

ap(config)#enable secret vnpro
Bc 5: S dng mt PC truy nhp vo AP bng giao din Web (s dng trnh duyt
l Internet Explorer hoc Mozila FireFox).
Trong s lab hnh 1, PC cu hnh c kt ni vo VLAN 1. Cc thng tin cu hnh
Web vo AP cng thng qua VLAN 1 (VLAN qun l ca Switch). Ta thc hin t
a ch ca AP v ca PC l cc IP nm trong di IP cp cho VLAN 1 (di
192.168.1.0/24). y, ta t IP cho PC l 192.168.1.2/24.
3
Point

Tel: 08 35124257
Fax: 08 35124314
T PC, thc hin truy nhp vo AP bng Internet Explorer, nhp a ch ca AP vo

thanh a ch ca trnh duyt, ca s xc thc hin ra (hinh 2):
Hnh 2.
4
Point

Tel: 08 35124257
Fax: 08 35124314
Nhp Username l cisco, Password l vnpro, ca s giao din cu hnh AP hin ra

(hnh 3):
Hnh 3.
Bc 6: Thc hin cu hnh cc SSID Guest v Staff
Chn phn EXPRESS SECURITY, ca s cu hnh cho phn ny hin ra (hnh 4):
5
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 4.
Ta to ra cc SSID theo yu cu:
-
To SSID Guest cho VLAN 10 (hnh 5). Sau khi nhp xong, nhn Apply
update cu hnh.
Hnh 5.
-
To SSID Staff cho VLAN 20 (hnh 6). Sau khi nhp xong, nhn Apply update
cu hnh.
6
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 6.
Lu :
-
Sau mi bc cu hnh, ta phi nhn Apply update cu hnh.
Trong cc bc trn, ta b trng, khng check Broadcast SSID in Beacon.
Ta c th kim tra cc SSID to ra bng cch xem bng SSID table ca ca s

EXPRESS SECURITY (hnh 7):
Hnh 7.
Tip theo, ta vo ca s ca phn SECURITY (hnh 8):
7
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 8.
Chn mc SSID Manager, ca s cu hnh thuc tnh SSID s hin ra (hnh 9):
8
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 9.
Trong Current SSID List, ta chn SSID Guest tng ng vi VLAN10 (hnh 10):
Hnh 10.
Trong mc Interface ta chn Radio0-802.11G ghp SSID ny vo thu pht chun
G. Nu mun bt thm chun A th ta check thm vo Radio0-802.11A trong mc
Interface(hnh10).
9
Lab Autonomous Access Point

Tel: 08 35124257
Fax: 08 35124314
Ko thanh cun xung, trong mc Guest Mode/Infrastructure SSID Settings, ta chn

Multiple BSSID, ri nhn Apply cp nht cu hnh (hnh 11):
Hnh 11.
Tip theo, trong mc Multiple BSSID Beacon Settings , ta check vo Set SSID as
Guest Mode sau nhn Apply update cu hnh (hnh 12):
Hnh 12.
Thc hin tng t vi SSID Staff.
Bc 7: Cu hnh AP pht sng theo chun G.
- Vo mc NETWORK INTERFACES, cc thng s trn cc cng hin ra (hnh 12).
Ta thy: hin nay cc giao din Radio0-802.11G v Radio1-802.11A u cha c bt
ln (Disabled/Down).
10
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 13.
- T y, ta vo tip phn Radio0-802.11G. Trong phn ny, ta chn th SETTINGS
(hnh 14):
11
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 14.
Trong ca s ca th SETTINGS, ta chn Enable pht sng chun G (hnh 15):
Hnh 15.
12
Point

Tel: 08 35124257
Fax: 08 35124314
Ta c th chn tc cho thu pht d liu trong ca s ny (hnh 16):
Hnh 16.
Ta cng c th chn knh pht sng (hinh 17):
Hnh 17.
13
Point

Tel: 08 35124257
Fax: 08 35124314
Sau khi thit lp xong, ta quay li ca s NETWORK INTERFACES kim tra (hnh
18):
Hnh 18.
Ch : Vic thit lp SSID, map VLAN, cu hnh guest mode (bc 6) phi c thc
hin trc khi thit lp thu pht Radio (bc 7), nu khng cc interface dot11G hoc
dot11A s khng th up ln c.
Bc 8: Kim tra li cc SSID c thit lp.
n y, ta c cc SSID c pht ra, cc user c th truy nhp vo c cc
VLAN thch hp. Ta kim tra li iu ny:
-
Trn ca s ca mc EXPRESS SECURITY, ta kim tra li bng SSID

Table: cc SSID u c check trong ct Broadcast SSID (hnh 19):
Hnh 19.
-
Trn ca s ca mc SECURITY, ta kim tra bng Service Set Identifiers

(SSIDs): cc SSID u c check ct BSSID/Guest Mode (hnh 20):
Hnh 20.
14
Point

Tel: 08 35124257
Fax: 08 35124314
Trn cc Wireless Client thc hin qut sng, ta s thy cc SSID c pht
ra , tuy nhin SSID Staff vn cha c xc thc (Unsecured wireless network)
(hnh 21):
Hnh 21.
Bc 9: Cu hnh password Pre-shared Key WPA 2 cho SSID Staff.
Trong mc SECURITY, chn tip mc Encryption manager (hnh 22):
Hnh 22.
15
Point

Tel: 08 35124257
Fax: 08 35124314
Trong mc Security: Encryption Manager ca ca s Encryption manager, ta chn

VLAN 20 l VLAN tng ng vi SSID Staff cn cu hnh password (hnh 23):
Hnh 23.
Tip theo, trong mc Encryption Modes, ta chn Cipher v thit lp cu hnh m
ha thch hp. Ta s dng chun bo mt WPA 2 cho SSID Staff th phng thc m
ha c chn phi l AES CCMP (hnh 24):
Hnh 24.
Nh ko thanh cun xung, chn Apply cp nht cu hnh.
Bc k tip, ta chuyn sang ca s SSID Manager ca mc SECURITY (hnh 25):
16
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 25.
Trong ca s ny, ta chn SSID Staff trong mc SSID Properties (hnh 26):
Hnh 26.
Ko thanh cun xung, ta thc hin chn cc thng s thch hp trong ca s Client
Authenticated Key Management (hnh 27):
Hnh 27.
Cui cng, ko thanh cun xung tip, trong mc Multiple BSSID Beacon Setting,
nhn Apply cp nht cu hnh (hnh 28):
Hnh 28.
17
Point

Tel: 08 35124257
Fax: 08 35124314
Bc 10: Kim tra cu hnh thc hin.

n y ta hon tt cu hnh nh yu cu. Ta thc hin mt s thao tc kim tra:
- Kim tra bng SSID Table trong mc EXPRESS SECURITY (hnh 29):
Hnh 29.
- Kim tra trn Client ta thy cc SSID Guest v Staff c pht ra, trong ,
Staff c ci xc thc WPA2 (hnh 30):
Hnh 30.
-
T Client, th truy nhp vo Guest, kt qu l khng b xc thc v card mng

nhn c a ch IP dnh cho VLAN 10 (hnh 31):
18
Point

Tel: 08 35124257
Fax: 08 35124314
Hnh 31.
19
Point

Tel: 08 35124257
Fax: 08 35124314
T Client, ta li th truy nhp vo Staff, mt ca s hin ra yu cu xc thc

(hnh 32):
Hnh 32.
Ta phi nhp ng password l secret_key th client mi c th ng nhp c
vo mng v nhn c a ch IP thch hp (dnh cho VLAN 20). Kt qu ng
nhp c hin th trong hnh 33:
( ng nhp thnh cng)
20
Point

Tel: 08 35124257
Fax: 08 35124314
( nhn c a ch IP thch hp)

Hnh 33.
21
Point

Lab Automous AP

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab Automous AP

Uploaded by

Copyright:

Available Formats

TRUNG TM TIN HC VNPRO

149/1D Ung Vn Khim, Phng 25, Qun Bnh Thnh, Tp.HCM

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Kim tra cu hnh VLAN trn Switch:

Bc 2: Cu hnh trunking trn cng u ni vi AP.

Bc 2: t a chi IP cho cc interface vlan tng ng vi cc VLAN.

Bc 3: Cu hnh DHCP Server cp IP cho cc VLAN 10 v 20.

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Bc 4: Cu hnh cc thng s ban u cho Access Point Aironet 1130AG.

Mt enable secret password l Cisco.

Khi ng nhp vo AP bng cng Console, ta phi nhp password l Cisco vo

- Ta cng c th i li enable secret password thnh vnpro:

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

T PC, thc hin truy nhp vo AP bng Internet Explorer, nhp a ch ca AP vo

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Nhp Username l cisco, Password l vnpro, ca s giao din cu hnh AP hin ra

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Sau mi bc cu hnh, ta phi nhn Apply update cu hnh.

Trong cc bc trn, ta b trng, khng check Broadcast SSID in Beacon.

Ta c th kim tra cc SSID to ra bng cch xem bng SSID table ca ca s

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

TRUNG TM TIN HC VNPRO

Ko thanh cun xung, trong mc Guest Mode/Infrastructure SSID Settings, ta chn

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Ta c th chn tc cho thu pht d liu trong ca s ny (hnh 16):

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Trn ca s ca mc EXPRESS SECURITY, ta kim tra li bng SSID

Trn ca s ca mc SECURITY, ta kim tra bng Service Set Identifiers

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Trong mc Security: Encryption Manager ca ca s Encryption manager, ta chn

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Bc 10: Kim tra cu hnh thc hin.

T Client, th truy nhp vo Guest, kt qu l khng b xc thc v card mng

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

T Client, ta li th truy nhp vo Staff, mt ca s hin ra yu cu xc thc

( ng nhp thnh cng)

Lab Autonomous Access -

TRUNG TM TIN HC VNPRO

( nhn c a ch IP thch hp)